CVE-2023-47764: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2023-47764) was identified in Metaphor Creations Ditty, affecting versions through 3.1.24. The vulnerability was discovered by Abdi Pranata and publicly disclosed on November 13, 2023. This security issue allows exploiting incorrectly configured access control security levels in the WordPress Ditty plugin (Patchstack).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 Base Score of 6.5 (Medium). The attack vector is characterized by CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed. The vulnerability impacts both integrity and availability at a low level (NVD).

The broken access control vulnerability enables unprivileged users to execute higher privileged actions. This security flaw is considered highly dangerous and is expected to become mass exploited. The vulnerability specifically affects the access control mechanisms of the Ditty plugin, potentially allowing unauthorized actions within WordPress installations (Patchstack).

The vulnerability has been patched in version 3.1.25 of the Ditty plugin. Users are strongly advised to update to this version or later immediately. For temporary mitigation, Patchstack has issued a virtual patch to block potential attacks until users can update to the fixed version (Patchstack).